The present invention relates to devices that communicate over a wireless mesh network. In particular, the present invention relates to provisioning a wireless device to join a wireless mesh network.
Mesh networks use a process known as “joining” to incorporate new devices into the secured network. During the joining process, a number of information exchanges and configurations take place.
The new device uses a network predetermined channel to discover similar devices within radio range. These are the existing network nodes the new device has available to it in order to gain membership into the network. The presence of each device within range is recorded. The new device sends a message to establish a handshake protocol with a neighbor device, asks to join the network, and provides a device number and network ID. The neighbor communicates the request to a network manager, which for example may be a software program running on a network gateway or a server connected to the gateway. The new device will provide its “neighbor” list to the network manager so that the network manager can determine the links that must be established to allow the new device to participate in the network.
The new device receives a joining message from the network manager. The new device then sends back the expected response along with other information necessary for the network manager to establish links from the new device to other devices in the network.
The new device and its new parents and children receive and implement configuration information from the network manager to establish the required links. The new device is then fully joined and participating in the network.
For wireless mesh networks, communication security and ease of use are two important features. These two features can be at odds, because communication security implies complexity and an opportunity for things to go wrong.
In one approach used in wireless mesh networks, security is predicated on a symmetric join key mechanism. By loading the correct join key into a device, that device is then capable of communicating with its neighbors and the gateway of the mesh network in a secure way. In this approach, during the joining process, the message to the neighbor device is encrypted by the new device using its stored join key. If the new device has the wrong join key, the join request will be rejected by the neighbor and will not be sent on to the network manager. The new device also uses the join key to decode the joining message from the network manager. Other approaches to security are possible that do not require a symmetric join key mechanism. These other approaches make use of asymmetric or symmetric encryption keys or other cryptographic material stored in the devices to provide network security.
One challenge with wireless mesh networks is how to load cryptographic material (such as a join key or other symmetric or asymmetric keys) to the wireless device the first time. If the loading is done manually, human errors can occur. If the loading is done through wireless communication with the device, the communication is not secure, and another wireless device within range may be able to receive and possibly misuse the cryptographic material that was intended for the new device that is being loaded.
Join keys are long random strings and are clumsy to load manually. The task of loading join keys into wireless devices is complicated when there are many wireless devices to provision. The task of loading join keys is further complicated when individual join keys are used.
Both common join keys and individual join keys have been used in wireless mesh networks. A common join key works for all devices that want to join a particular network. An individual join key is used for only one wireless device to join a network. In other words, when individual join keys are used, each wireless device must be provided a different individual join key.
Documentation is another important facet when considering the use of a wireless mesh network. Procedures that have been used in the past for adding join keys to wireless devices, for join key number generation, and for generating the documentation relating to wireless devices under join keys has been fragmented and has required significant manual effort.
A typical process for providing a common join key to a wireless device so that it can join a network is as follows. First, a user retrieves the common join key from the wireless gateway. This may be done, for example, through a computer connected on a network to the gateway. The user then writes the join key down on a piece of paper and stores the paper with the written join key. Often, the paper and the join key are not maintained in a secure location. The user then makes use of a handheld device to load the join key into the wireless device. The user may document when the join key was loaded into a particular wireless device, and the time at which the loading took place. The user repeats these steps until all of the wireless devices to be added to the wireless mesh network have received the common join key.
This practice has several disadvantages. First, it exposes a common join key to many people within the facility. Second, the join key is often recorded on paper, and may be left unsecured for use the next time a wireless device is being added to the network. Third, documentation is handled manually. Therefore, it may be forgotten; it may not be part of the procedure being used to provision the wireless devices; and it may be prone to human error. Fourth, the process of provisioning the wireless devices is time consuming, particularly when there are a large number of wireless devices involved. Because errors can be made in entering the join key into the handheld device, rework may be necessary in order to get all of the wireless devices provisioned.
A typical process for a mesh network using individual join keys is as follows. A user will retrieve an individual join key from the wireless gateway and write the individual join key down on a piece of paper. The user subsequently uses a handheld device to load the join key into the wireless device. The user then goes back to the wireless gateway and retrieves the next individual join key. The user documents that an individual join key was loaded into a particular wireless device at a particular time. These steps are then repeated until all wireless devices are complete.
This practice improves security over the use of common join keys because once an individual join key is used, it is no longer valid. However, the process involves substantially more time because the user must go to the gateway after each device is commissioned. This may be inconvenient where the wireless devices that are being provisioned are located where access to a gateway interface is not readily available. Once again, documentation is handled manually, which means that it may be forgotten, not made part of a procedure, or may be subject to human error.